Multiple Vlan assigment in Free radius server with Cisco Nexus Switch.

Alan DeKok aland at deployingradius.com
Wed Dec 15 19:37:33 CET 2021


On Dec 15, 2021, at 1:26 PM, deepak rawat via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I can understand your point and thanks for reply. But i search all the documentation and reply which was given previously but i did not find any example or anything in Radius community or anywhere which suggest how we can give two Vlan in Radius server when the Cisco Switch is used.

  Again... we don't give documentation and examples for every possible situation.  If that isn't clear by now, I don't know what else to say.

> So if there is nothing in documentation then its hard to say how to use it which make me to end up to ask a question to expert like you.
> About Q:1 and Q:2
> 1) which attributes need to be used? - I need how we can give two vlan because i followed the RFC4675 and RFC3580

  Are you reading the Cisco documentation as I suggested?  The RFCs are nice but they're not the Cisco documentation.

> which was mentioned before and i did change the freeradius user file like this.
> E23D.xxx.com Cleartext-Password := "54321"  Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802,  Tunnel-Private-Group-ID = 1968,  Egress-VLANID += 0x310007B1,  Ingress-Filters = 1

  Does the Cisco documentation say to return those attributes for assigning two VLANs?

> Where i am giving 1968 as tagged Vlan 1968 and 0x310007B1(1969) but it did not help so i am doing something wrong here.

  What does the debug output say?  Is it returning those attributes to the switch?

a) yes - consult the Cisco documentation to see which attributes are needed, and what values they should have

b) no - read the FreeRADIUS documentation to see how to configure FreeRADIUS to send attributes in an Access-Accept. There are many, many, examples.

  The problem here is that you're stuck on "I need to configure 2 VLANS".  That's a high level requirement, and it doesn't help you configure FreeRADIUS.

  I'm asking you to break down the problem into pieces, and solve each piece in isolation.  So far, your response has been "no, I'm not going to do that".

  It looks like I can't help you.

  Alan DeKok.




More information about the Freeradius-Users mailing list